CN114915583A - Message processing method, client device, server device, and medium - Google Patents


Info

Publication number
CN114915583A
Authority
CN
China
Prior art keywords
server
client
encrypted
service
address
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110184521.7A
Other languages
Chinese (zh)
Inventor
周娜
闫新成
彭少富
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN202110184521.7A
Priority to EP22749258.4A (EP4287550A1)
Priority to US18/276,280 (US20240114013A1)
Priority to PCT/CN2022/075472 (WO2022166979A1)
Publication of CN114915583A

Classifications

    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L9/40 Network security protocols
    • H04L45/34 Source routing
    • H04L45/566 Routing instructions carried by the data packet, e.g. active networks
    • H04L45/74 Address processing for routing
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0471 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer

Abstract

The present disclosure provides a message processing method applied to a client device, where the client device includes a client. The method includes: in response to a first service message sent from the client to a server, replacing the source address of the first service message with the corresponding encrypted client segment identifier; encrypting the source address and the destination address of the first service message by using a server public key according to the encrypted server segment identifier, and sending the encrypted first service message to the server; and, in response to a second service message sent by the server, decrypting the source address and the destination address of the second service message by using a client private key, and replacing the destination address of the second service message with the address of the client. The disclosure also provides a message processing method applied to a server device, as well as a client device, a server device, and a computer-readable medium.

Description

Message processing method, client device, server device, and medium
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a message processing method, a client device, a server device, and a computer-readable medium.
Background
Segment Routing IPv6 (SRv6), the segment routing architecture based on version 6 of the Internet Protocol, is a network forwarding technology designed around the source-routing concept. It relies on the forwarding mechanism of IPv6 and forwards IPv6 packets by means of a new extension in the IP extension header; the newly added extension is called the Segment Routing Header (SRH). The segment routing header contains an IPv6 address stack, and the destination address is updated in the order of the intermediate nodes, which completes the hop-by-hop forwarding of the message through the network.
At present, during message transmission, an intermediate node on the link can obtain network element information about the source end and the destination end by parsing a message. A third party that intercepts the message by unauthorized means can therefore parse it to obtain information about the host and the server, so the security of message transmission cannot be ensured.
Disclosure of Invention
The present disclosure aims to solve at least one of the technical problems in the prior art, and provides a message processing method, a client device, a server device, and a computer-readable medium.
To achieve the above object, in a first aspect, an embodiment of the present disclosure provides a message processing method applied to a client device, where the client device includes a client, and the method includes:
in response to a first service message sent from a client to a server, replacing a source address of the first service message with a corresponding encrypted client segment identifier, wherein a destination address of the first service message is the encrypted server segment identifier corresponding to the server;
encrypting a source address and a destination address of the first service message by using a server public key according to the encrypted server segment identifier, and sending the encrypted first service message to the server;
and, in response to a second service message sent by the server, decrypting a destination address of the second service message by using a client private key, and replacing the destination address of the second service message with the address of the client, wherein the destination address of the second service message is the encrypted client segment identifier encrypted by the server by using a client public key.
In a second aspect, an embodiment of the present disclosure further provides a message processing method, applied to a server-side device, where the server-side device includes a server, and the method includes:
in response to a first service message sent by a client, decrypting a destination address of the first service message by using a server private key, and replacing the destination address of the first service message with an address of the server, wherein the destination address of the first service message is an encrypted server segment identifier encrypted by the client device by using a server public key;
in response to a second service message sent from the server to the client, replacing a source address of the second service message with the encrypted server segment identifier, wherein a destination address of the second service message is the encrypted client segment identifier corresponding to the client;
and encrypting the source address and the destination address of the second service message by using a client public key according to the encrypted client segment identifier, and sending the encrypted second service message to the client.
In a third aspect, an embodiment of the present disclosure further provides a client device, including:
one or more processors;
a memory for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the message processing method according to the first aspect.
In a fourth aspect, an embodiment of the present disclosure further provides a server-side device, including:
one or more processors;
a memory for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the message processing method according to the second aspect.
In a fifth aspect, an embodiment of the present disclosure further provides a computer-readable medium on which a computer program is stored, where the program, when executed by a processor, implements the steps of the message processing method according to the first aspect.
In a sixth aspect, an embodiment of the present disclosure further provides a computer-readable medium on which a computer program is stored, where the program, when executed by a processor, implements the steps of the message processing method according to the second aspect.
The present disclosure has the following beneficial effects:
During service message transmission, whichever of the client device and the server device is the sending end takes a service message that is ready to be sent and whose destination address is the specific-type segment identifier corresponding to the opposite end, replaces its source address with the specific-type segment identifier corresponding to the local end, encrypts the source address and the destination address of the service message according to the specific-type segment identifier, and then sends the message. The receiving end receives the message, decrypts its destination address, and replaces the destination address with the address corresponding to the local end. The network element information of both the sending and receiving parties is thereby protected, which effectively solves the security problem of service message transmission in the network.
Drawings
Fig. 1 is a schematic structural diagram of a network architecture according to an embodiment of the present disclosure;
Fig. 2 is a flowchart of a message processing method according to an embodiment of the present disclosure;
Fig. 3 is a flowchart of another message processing method according to an embodiment of the present disclosure;
Fig. 4 is a flowchart of another message processing method according to an embodiment of the present disclosure;
Fig. 5 is a flowchart illustrating a method of step S2 according to an embodiment of the present disclosure;
Fig. 6 is a flowchart of another message processing method according to an embodiment of the present disclosure;
Fig. 7 is a flowchart of another message processing method according to an embodiment of the present disclosure;
Fig. 8 is a flowchart of another message processing method according to an embodiment of the present disclosure;
Fig. 9 is a flowchart illustrating a method of step S9 according to an embodiment of the present disclosure;
Fig. 10 is a flowchart of another message processing method according to an embodiment of the present disclosure;
Fig. 11 is a flowchart of another message processing method according to an embodiment of the present disclosure;
Fig. 12 is a flowchart of another message processing method according to an embodiment of the present disclosure;
Fig. 13 is a flowchart of another message processing method according to an embodiment of the present disclosure;
Fig. 14 is a schematic structural diagram of a client device according to an embodiment of the present disclosure;
Fig. 15 is a schematic structural diagram of a server-side device according to an embodiment of the present disclosure;
Fig. 16 is a schematic structural diagram of a computer-readable medium provided by an embodiment of the present disclosure;
Fig. 17 is a schematic structural diagram of another computer-readable medium provided in an embodiment of the present disclosure.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present disclosure, the following describes the message processing method, the client device, the server device, and the computer readable medium provided in the present disclosure in detail with reference to the accompanying drawings.
Example embodiments are described more fully below with reference to the accompanying drawings, but they may be embodied in different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It will be understood that, although the terms first, second, etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. Thus, a first element, component, or module discussed below could be termed a second element, component, or module without departing from the teachings of the present disclosure.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and the present disclosure, and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
In the message processing method, the client device, the server device and the computer-readable medium provided by the present disclosure, during service message transmission, whichever of the client device and the server device is the sending end takes a service message that is ready to be sent and whose destination address is the specific-type segment identifier corresponding to the opposite end, replaces its source address with the specific-type segment identifier corresponding to the local end, encrypts the source address and the destination address of the service message according to the specific-type segment identifier, and then sends the message. The receiving end receives the message, decrypts its destination address, and replaces the destination address with the address corresponding to the local end. The network element information of both the sending and receiving parties is thereby protected, which effectively solves the security problem of service message transmission in the network.
Fig. 1 is a schematic structural diagram of a network architecture according to an embodiment of the present disclosure. As shown in Fig. 1, the network includes a client device, an intermediate node, a server device, and a service management controller.
The network architecture is a segment routing architecture based on version 6 of the Internet Protocol. The client device and the server device exchange messages through intermediate nodes, and the intermediate nodes are segment routing nodes. Specifically, the client device includes a client and a client gateway; the client is a device that accesses the network through the client gateway and needs to communicate with the server, such as a personal computer, a tablet, or a mobile terminal. The server device includes a server and a server gateway, and the server can access the network through the server gateway. The service management controller is the control layer and is used to manage and control the service communication between the server and the client. In some embodiments, the segment routing nodes may include an operator backbone router (Provider), an operator edge router (PE), an Autonomous System Border Router (ASBR), an Area Border Router (ABR), and the like.
Fig. 2 is a flowchart of a message processing method according to an embodiment of the present disclosure. As shown in Fig. 2, the method is applied to a client device, and includes:
Step S1, in response to a first service message sent from the client to the server, replacing the source address of the first service message with the corresponding encrypted client segment identifier.
The client device includes a client, and the method flow is executed by the client. Alternatively, in some embodiments, the client device further includes a client gateway corresponding to the client, in which case the method flow may be executed by the client gateway.
In step S1, the destination address of the first service message is the encrypted server segment identifier corresponding to the server. Specifically, in the segment routing architecture based on version 6 of the Internet Protocol, a corresponding Segment ID (SID) is configured for a network address. A segment identifier has an explicit indication function and acts as a network instruction (Instruction). When a message passes through an intermediate node, the node reads the segment identifier carried in the segment routing header together with the corresponding series of indicated operations (also called segment operations), and completes the corresponding forwarding action according to the segment identifier and those operations; the indicated operations direct the routing and transmission of data in the network.
In step S1, the encrypted client segment identifier and the encrypted server segment identifier are pre-configured for the client device and the server respectively. They are a specific type of segment identifier provided by the present disclosure: rather than indicating an existing forwarding action, they indicate an encrypted forwarding action. That is, in addition to indicating the routing and transmission of data in the network, they indicate that the source address and the destination address of the corresponding message need to be encrypted. The terms "encrypted client segment identifier" and "encrypted server segment identifier" therefore do not mean that the segment identifier itself is encrypted; they denote identifiers that indicate the encrypted forwarding action described above.
In some embodiments, the type field "end.s.dec" may be used to mark segment identifiers of the specific type. In some embodiments, the mapping between a segment identifier of the specific type and the address of the corresponding device may be established by configuration, or on the basis of a routing protocol during service authorization.
Step S2, encrypting the source address and the destination address of the first service message by using the server public key according to the encrypted server segment identifier, and sending the encrypted first service message to the server.
The encrypted first service message is the first service message whose source address and destination address have been encrypted with the server public key, in accordance with the encrypted forwarding action indicated by the encrypted server segment identifier, before it is sent. Specifically, in some embodiments, the parameter portions of the source and destination addresses are encrypted.
The server public key belongs to the public/private key pair of the server. The key pair may be configured in advance by the server, or configured in advance by the service management controller and issued to the server; the client device obtains the server public key in advance.
Step S3, in response to a second service message sent by the server, decrypting the source address and the destination address of the second service message using the client private key, and replacing the destination address of the second service message with the address of the client.
The destination address of the second service message is the encrypted client segment identifier encrypted by the server using the client public key. The client private key belongs to the public/private key pair of the client. The key pair may be configured in advance by the client, or configured in advance by the service management controller and issued to the client; the server device obtains the client public key in advance.
In some embodiments, the method further includes decrypting the source address of the second service message using the client private key; specifically, the source address of the second service message is the encrypted server segment identifier encrypted by the server using the client public key.
In some embodiments, the client gateway may perform the corresponding decryption, replace the destination address of the second service message with the address of the client, and then send the second service message to the client.
The embodiment of the present disclosure provides a message processing method in which, during service message transmission, the client device takes a service message that is ready to be sent and whose destination address is the specific-type segment identifier corresponding to the opposite end, replaces its source address with the specific-type segment identifier corresponding to the local end, encrypts the source address and the destination address of the service message according to the specific-type segment identifier, and then sends the message. For a service message returned by the server device, the client device decrypts the destination address of the message and replaces it with the address corresponding to the local end. The network element information of both the sending and receiving parties is thereby protected, which effectively solves the security problem of service message transmission in the network.
Fig. 3 is a flowchart of another message processing method according to an embodiment of the present disclosure. As shown in Fig. 3, the method is a specific optional embodiment based on the method shown in Fig. 2. Specifically, the method includes steps S1 to S3 and, before step S1 (replacing the source address of the first service message with the corresponding encrypted client segment identifier in response to the first service message sent from the client to the server), further includes steps S01 and S02. Only steps S01 and S02 are described in detail below.
Step S01, in response to a service authorization request sent from the client to the server, configuring the encrypted client segment identifier, and establishing a mapping between the encrypted client segment identifier and the address of the client.
The client sends a service authorization request to the server to establish a service communication relationship in advance. In some embodiments, the client may also send a service authorization request to the service management controller for service authorization.
Specifically, a segment identifier includes a locator field (Locator), a function field (Function), an optional parameter field (Argument), and the like. The locator field mainly carries the routing function and is unique within the segment routing domain. The function field identifies functions of the device, such as a forwarding function or a service function. For the specific type of segment identifier provided in the present application, in some embodiments at least part of the optional parameter field may be used as a reference field, and a mapping between the reference field and the address of the client is established, thereby establishing the mapping between the encrypted client segment identifier and the address of the client.
In some embodiments, the method further includes advertising a route for the encrypted client segment identifier through an Interior Gateway Protocol (IGP).
Step S02, sending the service authorization request to the server, and receiving a service authorization response fed back by the server.
The service authorization response includes the encrypted server segment identifier, so the client device obtains the encrypted server segment identifier corresponding to the address of the server. On the client device side, the encrypted server segment identifier can in effect be used as the address of the server.
Fig. 4 is a flowchart of another message processing method according to an embodiment of the present disclosure. As shown in fig. 4, the method is an embodiment alternative based on the method shown in fig. 2. Specifically, the method includes not only steps S1 to S3 but also steps S4 to S6. Only step S4 to step S6 will be described in detail below.
Step S4, establishing a mapping relationship between the encrypted client segment identifier encrypted by the server public key and the address of the client, and establishing a mapping relationship between the encrypted server segment identifier encrypted by the server public key and the encrypted server segment identifier.
In some embodiments, the step of encrypting the segment identification of the specific type using the server-side public key comprises: the reference field of the segment identification of the specific type is encrypted using the server-side public key. Thus, in some embodiments, similar to the step of establishing a mapping relationship based on the reference field in step S01, in step S4, a mapping relationship between the reference field encrypted using the server-side public key and the address of the client is established to establish a mapping relationship between the segment identifier of the specific type encrypted using the server-side public key and the address of the client.
Step S5, in response to a third service packet sent from the client to the server, replacing the source address of the third service packet with an encrypted client segment identifier encrypted with the server public key, and replacing the destination address of the third service packet with an encrypted server segment identifier encrypted with the server public key.
The destination address of the third service message is the encrypted server segment identifier. In step S5, because the client device side has established the mapping relationship between the encrypted segment identifier of the specific type and the corresponding address in advance, it performs direct replacement when sending or forwarding a message, thereby reducing response delay.
Step S6, sending the third service message to the server.
Fig. 5 is a flowchart illustrating a specific implementation method of step S2 in the embodiment of the present disclosure. Specifically, the client device further comprises a client gateway; as shown in fig. 5, in step S2, the step of sending the first service packet to the server includes:
Step S201, according to the address of the client gateway, the address of the intermediate node in the link, and the address of the server gateway corresponding to the server, a tunnel header and a segment routing extension header are generated in the outer layer of the first service packet, and the first service packet is sent to the server gateway.
In step S201, the first service packet is sent to the server via the client gateway and the segment routing node in the communication link, and the first service packet is subjected to outer layer encapsulation according to the client gateway address, the address of the segment routing node, and the server gateway address, and a tunnel header and a segment routing extension header are added. Therefore, in the foregoing method, the destination address is replaced based on the segment routing protocol mechanism when the packet passes through the segment routing node, and in this embodiment, after the packet is encapsulated by the tunnel outer layer, the destination address is replaced based on the segment routing protocol mechanism when the packet passes through the segment routing node.
The embodiment of the disclosure provides a message processing method, which can be used for protecting message transmission through a tunneling technology and a mode of setting a specific type of segment identifier.
Fig. 6 is a flowchart of another message processing method according to an embodiment of the present disclosure. As shown in fig. 6, the method is applied to a server-side device, where the server-side device includes a server side, and the method includes:
Step S7, in response to the first service packet sent by the client, decrypting the source address and the destination address of the first service packet by using the server private key, and replacing the destination address of the first service packet with the server address.
The source address of the first service message is the encrypted client segment identifier encrypted by the client device using the server public key, and the destination address of the first service message is the encrypted server segment identifier encrypted by the client device using the server public key. The server private key belongs to the public/private key pair of the server; the key pair can be configured in advance by the server, or configured in advance by the service management controller and issued to the server, and the client device acquires the server public key in advance.
The server-side equipment comprises a server side, and the flow of the method is executed by the server side; alternatively, in some embodiments, the server-side device further includes a server-side gateway corresponding to the server side, and at this time, the method flow may be executed by the server-side gateway.
In some embodiments, the method further comprises: decrypting the source address of the first service message by using the server private key; specifically, the source address of the first service packet is the encrypted client segment identifier encrypted by the client using the server public key.
In some embodiments, the method flow may be performed by a server gateway. The server gateway performs the corresponding decryption, replaces the destination address of the first service message with the address of the server, and then sends the first service message to the server.
Step S8, in response to a second service message sent from the server to the client, replacing the source address of the second service message with the encrypted server segment identifier.
The destination address of the second service message is the encrypted client segment identifier corresponding to the client.
Step S9, encrypting the source address and the destination address of the second service message by using the client public key according to the encrypted client segment identifier, and sending the encrypted second service message to the client.
According to the encrypted forwarding action indicated by the encrypted client segment identifier, the source address and the destination address of the second service message are encrypted using the client public key and the message is sent; the encrypted second service message denotes the second service message whose source address and destination address have been encrypted. The client public key belongs to the public/private key pair of the client; the key pair can be configured in advance by the client, or configured in advance by the service management controller and issued to the client, and the server-side device acquires the client public key in advance. In particular, in some embodiments, the parameter portions of the source and destination addresses are encrypted.
The embodiment of the disclosure provides a message processing method in which, during transmission of a service message, for a service message that is about to be sent and whose destination address is the specific type of segment identifier corresponding to the opposite end, the source address is replaced with the specific type of segment identifier corresponding to the local end, and the source address and the destination address are encrypted according to the specific type of segment identifier before the message is sent; for a service message returned by the opposite end, the destination address is decrypted and replaced with the address corresponding to the local side. The network element information of both the sender and the receiver of the message is thereby protected, and the security problem of service message transmission in the network is effectively solved.
Fig. 7 is a flowchart of another message processing method according to an embodiment of the present disclosure. As shown in fig. 7, the method is a specific alternative embodiment based on the method shown in fig. 6. Specifically, the method includes steps S7 to S9, and further includes step S7a before the step, in step S7, of decrypting the source address and the destination address of the first service packet with the server private key in response to the first service packet sent by the client. Only step S7a will be described in detail below.
Step S7a, in response to a service registration request sent from the server to the service management controller, configuring the encrypted server segment identifier, and establishing the mapping relationship between the encrypted server segment identifier and the address of the server.
The service registration request includes a server identifier, such as a service ID and a server ID.
In some embodiments, the mapping relationship between the encryption server side segment identifier and the address of the server side can be established by using at least part of the optional parameter field of the encryption server side segment identifier as a reference field and establishing the mapping relationship between the reference field and the address of the client side.
Step S7b, sending the service registration request to the service management controller, and receiving a service registration response fed back by the service management controller.
In step S7b, the service registration response fed back by the service management controller is received, which indicates that the server-side service registration is successful.
Fig. 8 is a flowchart of another message processing method according to an embodiment of the present disclosure. As shown in fig. 8, the method is a specific alternative embodiment based on the method shown in fig. 6. Specifically, the method includes not only steps S7 to S9 but also steps S10 to S12. Only steps S10 to S12 are described in detail below.
Step S10, establishing a mapping relationship between the encrypted client segment identifier and the encrypted client segment identifier encrypted by the client public key, and establishing a mapping relationship between the encrypted server segment identifier and the server address encrypted by the client public key.
In some embodiments, the step of encrypting the segment identification of the particular type using the client public key comprises: the reference field of the segment identification of the particular type is encrypted using the client public key. Thus, in some embodiments, similar to the step of establishing a mapping relationship based on the reference field in step S7a, in step S10, a mapping relationship between the reference field encrypted by using the client public key and the address of the server is established to establish a mapping relationship between the segment identifier of the specific type encrypted by using the server public key and the address of the client.
Step S11, in response to a fourth service packet sent from the server to the client, replacing the source address of the fourth service packet with the encrypted server segment identifier encrypted with the client public key, and replacing the destination address of the fourth service packet with the encrypted client segment identifier encrypted with the client public key.
The destination address of the fourth service message is the encrypted client segment identifier. In step S11, because the server side has established the mapping relationship between the encrypted segment identifier of the specific type and the corresponding address in advance, it performs direct replacement when sending or forwarding a message, thereby reducing response delay.
Step S12, sending the fourth service message to the client.
Fig. 9 is a flowchart of a specific implementation method of step S9 in the embodiment of the present disclosure. As shown in fig. 9, specifically, the server-side device further includes a server gateway; in step S9, the step of sending the second service packet to the client includes:
Step S901, generating a tunnel header and a segment routing extension header in an outer layer of the second service packet according to the server gateway address, the intermediate node address in the link, and the client gateway address corresponding to the client, and sending the second service packet to the client gateway.
In step S901, the second service packet is sent to the client via the server-side gateway and the segment routing node in the communication link, and the second service packet is subjected to outer encapsulation according to the address of the client-side gateway, the address of the segment routing node, and the address of the server-side gateway, and a tunnel header and a segment routing extension header are added. Therefore, in the foregoing method, the destination address is replaced based on the segment routing protocol mechanism when the packet passes through the segment routing node, and in this embodiment, after the packet is encapsulated by the tunnel outer layer, the destination address is replaced based on the segment routing protocol mechanism when the packet passes through the segment routing node.
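The outer encapsulation of steps S201 and S901, as an added Python example that is not part of the patent text. It assumes the tunnel header is an outer IPv6 header and lays out the segment routing extension header as in RFC 8754; the gateway and intermediate node addresses are constructed.

```python
"""Added illustration: outer IPv6 header plus SRH around an inner service message."""
import ipaddress
import struct

IPPROTO_ROUTING, IPPROTO_IPV6, SRH_ROUTING_TYPE = 43, 41, 4


def v6(addr: str) -> bytes:
    return ipaddress.IPv6Address(addr).packed


def encapsulate(inner: bytes, gw_src: str, path: list) -> bytes:
    """Wrap `inner` for the path [intermediate node(s)..., peer gateway]."""
    n = len(path)
    seg_list = b"".join(v6(a) for a in reversed(path))  # Segment List[0] is the last hop
    srh = struct.pack("!BBBBBBH",
                      IPPROTO_IPV6,      # Next Header: the inner packet
                      2 * n,             # Hdr Ext Len, 8-octet units after the first 8 octets
                      SRH_ROUTING_TYPE,
                      n - 1,             # Segments Left
                      n - 1,             # Last Entry
                      0, 0) + seg_list   # Flags, Tag
    outer = struct.pack("!IHBB", 6 << 28, len(srh) + len(inner), IPPROTO_ROUTING, 64)
    # Outer source = sending gateway, outer destination = first segment of the path.
    return outer + v6(gw_src) + v6(path[0]) + srh + inner


def sr_endpoint_forward(pkt: bytes) -> bytes:
    """Segment routing node: Segments Left -= 1, outer destination = Segment List[SL]."""
    buf = bytearray(pkt)
    if len(buf) < 48 or buf[6] != IPPROTO_ROUTING or buf[42] != SRH_ROUTING_TYPE:
        raise ValueError("no SRH after the outer IPv6 header")
    hdr_ext_len, segments_left, last_entry = buf[41], buf[43], buf[44]
    if segments_left == 0:
        raise ValueError("last segment reached; decapsulate instead")
    if last_entry > hdr_ext_len // 2 - 1 or segments_left > last_entry + 1:
        raise ValueError("malformed SRH")
    if buf[7] <= 1:
        raise ValueError("hop limit exceeded")
    segments_left -= 1
    buf[43] = segments_left
    start = 48 + 16 * segments_left
    buf[24:40] = buf[start:start + 16]   # rewrite the outer destination address
    buf[7] -= 1                          # hop limit
    return bytes(buf)


def decapsulate(pkt: bytes) -> bytes:
    """Peer gateway (Segments Left == 0): strip the outer header and the SRH."""
    if pkt[6] != IPPROTO_ROUTING or pkt[43] != 0:
        raise ValueError("packet has not reached its last segment")
    return pkt[40 + 8 + 8 * pkt[41]:]


def outer_dst(pkt: bytes) -> str:
    return str(ipaddress.IPv6Address(pkt[24:40]))


def demo():
    # Constructed addresses from the documentation prefix 2001:db8::/32.
    client_gw, mid, server_gw = "2001:db8:c::1", "2001:db8:1::1", "2001:db8:5::1"
    inner = b"<first service message; its addresses are already encrypted SIDs>"
    sent = encapsulate(inner, client_gw, [mid, server_gw])
    after_mid = sr_endpoint_forward(sent)
    return sent, after_mid, decapsulate(after_mid), inner


if __name__ == "__main__":
    sent, after_mid, *_ = demo()
    print(outer_dst(sent), "->", outer_dst(after_mid))
```

Only the outer destination changes hop by hop; the inner message, whose addresses are the encrypted segment identifiers, is carried unchanged until the peer gateway removes the outer headers.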
The following describes the message processing method provided by the present disclosure in detail in conjunction with practical applications.
Fig. 10 is a signaling diagram of another message processing method according to an embodiment of the present disclosure. As shown in fig. 10, in the interaction process applied to the client device and the server-side device, the client device includes a client, the server-side device includes a server, and the number of the intermediate nodes may be one or more (not shown in the figure), and the method includes:
BZ01, the server prepares to send a service registration request to the service management controller (not shown in the figure), configures the encrypted server segment identifier, and establishes the mapping relationship between the encrypted server segment identifier and the address of the server.
BZ02, the server side sends a service registration request to the service management controller; wherein the service registration request comprises a server identification.
BZ03, the service management controller saves the server identification, and completes the service registration of the server side.
BZ04, the service management controller sends service registration response to the server side.
BZ05, the client prepares to send a service authorization request to the server, configures the encrypted client segment identifier, and establishes the mapping relationship between the encrypted client segment identifier and the address of the client.
BZ06, the client sends a service authorization request to the server end through the intermediate node.
BZ07, the server side authorizes the service (not shown in the figure), and sends a service authorization response to the client side via the intermediate node, wherein the service authorization response comprises the encrypted server side segment identification.
Thus, the service registration of the server and the service authorization of the client are completed.
Fig. 11 is a signaling diagram of another message processing method according to an embodiment of the present disclosure. As shown in fig. 11, in the interaction process applied to the client device and the server, the client device includes a client, the server device includes a server, and the intermediate node may be one or more (not shown in the figure), the method includes:
BZ101, the client replaces the source address of a first service message to be sent to the server with the encrypted client segment identifier; the destination address of the first service message is the encrypted server segment identifier of the server.
BZ102, the client encrypts the source address and the destination address of the first service message using the server public key, based on the encrypted forwarding action indicated by the encrypted server segment identifier, and then sends the first service message to the server via the intermediate node.
BZ2, the server decrypts the source address and the destination address of the first service message using the server private key, and replaces the destination address of the first service message with the address of the server.
BZ301, the server replaces the source address of a second service message to be sent to the client with the encrypted server segment identifier; the destination address of the second service message is the encrypted client segment identifier.
BZ302, the server encrypts the source address and the destination address of the second service message using the client public key, based on the encrypted forwarding action indicated by the encrypted client segment identifier, and then sends the second service message to the client via the intermediate node.
BZ4, the client decrypts the source address and the destination address of the second service message using the client private key, and replaces the destination address of the second service message with the address of the client.
Thus, the mutual transmission of the messages between the client and the server is completed.
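The exchange in steps BZ101 to BZ4, together with the precomputed mapping of steps S4 to S6, as an added Python example that is not part of the patent text. The 64/32/32-bit segment identifier layout, the addresses, and the toy textbook RSA (chosen only so that a ciphertext fits in the Argument field) are assumptions; the patent does not name a cipher or field widths.

```python
"""Added illustration of the Fig. 11 exchange. Toy textbook RSA, not a secure cipher."""
import ipaddress
from dataclasses import dataclass
from math import gcd

ARG_BITS = 32                      # assumption: low 32 bits of the SID are the reference field
ARG_MASK = (1 << ARG_BITS) - 1


def make_sid(locator: int, function: int, argument: int) -> int:
    """Assumed layout: 64-bit Locator | 32-bit Function | 32-bit Argument."""
    return (locator << 64) | (function << ARG_BITS) | argument


def next_prime(n: int) -> int:
    while any(n % d == 0 for d in range(2, int(n ** 0.5) + 1)):
        n += 1
    return n


def toy_keypair(start: int):
    """Textbook RSA with a modulus below 2**32 so a ciphertext fits the Argument."""
    p = next_prime(start)
    q = next_prime(p + 1)
    n, phi = p * q, (p - 1) * (q - 1)
    if n >> ARG_BITS:
        raise ValueError("toy modulus must fit in the Argument field")
    e = next(c for c in range(65537, phi, 2) if gcd(c, phi) == 1)
    return (n, e), (n, pow(e, -1, phi))      # (public key, private key)


def crypt_arg(sid: int, key) -> int:
    """Apply the RSA exponent to the Argument bits only; Locator and Function
    stay in clear, so transit nodes can still route on the Locator."""
    n, exp = key
    arg = sid & ARG_MASK
    if arg >= n:
        raise ValueError("argument outside the key's range")
    return (sid & ~ARG_MASK) | pow(arg, exp, n)


@dataclass
class Packet:
    src: int
    dst: int
    payload: bytes


class Endpoint:
    """Client device or server-side device; both directions follow the same steps."""

    def __init__(self, addr: str, sid: int, key_start: int):
        self.addr = int(ipaddress.IPv6Address(addr))
        self.sid = sid
        self.pub, self._priv = toy_keypair(key_start)
        self.ref_to_addr = {sid & ARG_MASK: self.addr}   # mapping of step S01 / S7a
        self.cache = {}                                  # mapping of step S4 / S10

    def send(self, peer_sid: int, peer_pub, payload: bytes) -> Packet:
        pkt = Packet(self.addr, peer_sid, payload)
        pkt.src = self.sid                               # BZ101 / BZ301
        pkt.src = crypt_arg(pkt.src, peer_pub)           # BZ102 / BZ302
        pkt.dst = crypt_arg(pkt.dst, peer_pub)
        return pkt

    def precompute(self, peer_sid: int, peer_pub) -> None:
        self.cache[peer_sid] = (crypt_arg(self.sid, peer_pub), crypt_arg(peer_sid, peer_pub))

    def send_cached(self, peer_sid: int, payload: bytes) -> Packet:
        src, dst = self.cache[peer_sid]                  # S5 / S11: direct replacement
        return Packet(src, dst, payload)

    def receive(self, pkt: Packet) -> Packet:
        peer_sid = crypt_arg(pkt.src, self._priv)        # BZ2 / BZ4
        own_sid = crypt_arg(pkt.dst, self._priv)
        if own_sid != self.sid:
            raise ValueError("destination does not decrypt to the configured SID")
        return Packet(peer_sid, self.ref_to_addr[own_sid & ARG_MASK], pkt.payload)


def demo():
    # Constructed sample values (documentation prefix 2001:db8::/32).
    client = Endpoint("2001:db8:c::10", make_sid(0x20010DB8000000C1, 0xE001, 0xC11E), 50000)
    server = Endpoint("2001:db8:5::20", make_sid(0x20010DB8000000A1, 0xE001, 0x5E4F), 60000)
    wire1 = client.send(server.sid, server.pub, b"request")
    at_server = server.receive(wire1)
    wire2 = server.send(at_server.src, client.pub, b"reply")
    at_client = client.receive(wire2)
    client.precompute(server.sid, server.pub)
    wire3 = client.send_cached(server.sid, b"third")
    return client, server, wire1, at_server, wire2, at_client, wire3


if __name__ == "__main__":
    c, s, w1, *_ = demo()
    print("on the wire:", ipaddress.IPv6Address(w1.src), "->", ipaddress.IPv6Address(w1.dst))
```

In this example the encryption is deterministic, which is what lets the precomputed table reproduce the per-packet result; it also means the encrypted address pair is identical on every packet between the same two endpoints.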
Fig. 12 is a signaling diagram of another message processing method according to an embodiment of the present disclosure. As shown in fig. 12, in the interaction process applied to the client device and the server, the client device includes a client and a client gateway, the server device includes a server and a server gateway, and the intermediate node may be one or more (not shown in the figure), and the method includes:
BZ081, the server sends a service registration request to the server gateway; the service registration request is intended for the service management controller.
BZ082, the server gateway configures the encrypted server segment identifier, and establishes the mapping relationship between the encrypted server segment identifier and the address of the server.
BZ083, the server gateway sends the service registration request to the service management controller; the service registration request includes a server identifier.
BZ09, the service management controller stores the server identifier to complete the service registration of the server.
BZ0101, the service management controller sends a service registration response to the server gateway.
BZ0102, the server gateway sends the service registration response to the server.
BZ0111, the client sends a service authorization request to the client gateway; the service authorization request is intended for the server.
BZ0112, the client gateway configures the encrypted client segment identifier, and establishes the mapping relationship between the encrypted client segment identifier and the address of the client.
BZ0113, the client gateway sends the service authorization request to the server through the intermediate node and the server gateway.
BZ012, the server performs service authorization (not shown in the figure) and sends a service authorization response to the client gateway through the server gateway and the intermediate node; the service authorization response includes the encrypted server segment identifier.
BZ0131, the client gateway saves the encrypted server segment identifier.
BZ0132, the client gateway sends the service authorization response to the client.
Thus, the service registration of the server and the service authorization of the client are completed.
Fig. 13 is a signaling diagram of another message processing method according to an embodiment of the present disclosure. As shown in fig. 13, in the interaction process applied to the client device and the server, the client device includes a client and a client gateway, the server device includes a server and a server gateway, and the intermediate node may be one or more (not shown in the figure), and the method includes:
BZ501, the client sends a first service message to the client gateway; the first service message is intended for the server.
BZ502, the client gateway replaces the source address of the first service packet with the corresponding encrypted client segment identifier.
BZ503, the client gateway encrypts the source address and the destination address of the first service message using the server public key, based on the encrypted forwarding action indicated by the encrypted server segment identifier, and then sends the first service message to the server gateway via the intermediate node.
BZ601, the server gateway decrypts the source address and the destination address of the first service message using the server private key, and replaces the destination address of the first service message with the address of the server.
BZ602, the server gateway sends the first service message processed by the BZ701 to the server.
BZ701, the server sends a second service message to the server gateway; the second service message is intended for the client.
BZ702, the server gateway replaces the source address of the second service message with the encrypted server segment identifier; the destination address of the second service message is the encrypted client segment identifier.
BZ703, the server gateway encrypts the source address and the destination address of the second service packet using the client public key, based on the encrypted forwarding action indicated by the encrypted client segment identifier, and then sends the second service packet to the client gateway via the intermediate node.
BZ801, the client gateway decrypts the source address and the destination address of the second service message using the client private key, and replaces the destination address of the second service message with the address of the client.
BZ802, the client gateway sends the second service message processed by the BZ901 to the client.
Thus, the mutual transmission of messages between the client and the server is completed.
Fig. 14 is a schematic structural diagram of a client device according to an embodiment of the present disclosure. As shown in fig. 14, the client device includes:
one or more processors 101;
a memory (device) 102 on which one or more programs are stored, which when executed by the one or more processors, cause the one or more processors to implement the message processing method applied to the client device as in any one of the above embodiments;
one or more I/O interfaces 103 coupled between the processor and the memory and configured to enable information interaction between the processor and the memory.
The processor 101 is a device with data processing capability, which includes but is not limited to a Central Processing Unit (CPU), etc.; memory 102 is a device having data storage capabilities including, but not limited to, random access memory (RAM, more specifically SDRAM, DDR, etc.), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), FLASH memory (FLASH); an I/O interface (read/write interface) 103 is connected between the processor 101 and the memory 102, and can realize information interaction between the processor 101 and the memory 102, which includes but is not limited to a data Bus (Bus) and the like.
In some embodiments, the processor 101, memory 102, and I/O interface 103 are interconnected via a bus 104, which in turn connects with other components of the computing device.
In some embodiments, the client device further comprises a client and a client gateway.
Fig. 15 is a schematic structural diagram of a server-side device according to an embodiment of the present disclosure. As shown in fig. 15, the server-side device includes:
one or more processors 201;
a memory 202, on which one or more programs are stored, when the one or more programs are executed by the one or more processors, the one or more processors implement the message processing method applied to the server side as in any of the above embodiments;
one or more I/O interfaces 203 coupled between the processor and the memory and configured to enable information interaction between the processor and the memory.
The processor 201 is a device with data processing capability, and includes but is not limited to a Central Processing Unit (CPU) and the like; memory 202 is a device having data storage capabilities including, but not limited to, random access memory (RAM, more specifically SDRAM, DDR, etc.), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), FLASH memory (FLASH); the I/O interface (read/write interface) 203 is connected between the processor 201 and the memory 202, and can realize information interaction between the processor 201 and the memory 202, which includes but is not limited to a data Bus (Bus) and the like.
In some embodiments, the processor 201, memory 202, and I/O interface 203 are interconnected via a bus 204, which in turn connects with other components of the computing device.
In some embodiments, the server-side device further comprises a server-side and a server-side gateway.
Fig. 16 is a schematic structural diagram of a computer-readable medium according to an embodiment of the present disclosure. The computer readable medium has a computer program stored thereon, wherein the program, when executed by a processor, implements the steps of the message processing method applied to the client device as in any one of the above embodiments.
Fig. 17 is a schematic structural diagram of another computer-readable medium provided in the embodiments of the present disclosure. The computer readable medium has stored thereon a computer program, wherein the program, when executed by a processor, implements the steps in the message processing method applied to the server side as in any of the above embodiments.
It will be understood by those of ordinary skill in the art that all or some of the steps of the methods disclosed above, and the functional modules/units in the apparatus, may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
Example embodiments have been disclosed herein, and although specific terms are employed, they are used and should be interpreted in a generic and descriptive sense only and not for purposes of limitation. In some instances, features, characteristics and/or elements described in connection with a particular embodiment may be used alone or in combination with features, characteristics and/or elements described in connection with other embodiments, unless expressly stated otherwise, as would be apparent to one skilled in the art. It will, therefore, be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the disclosure as set forth in the appended claims.

Claims (12)

1. A message processing method is applied to client equipment, wherein the client equipment comprises a client, and the method comprises the following steps:
responding to a first service message sent from a client to a server, and replacing a source address of the first service message with a corresponding encrypted client segmentation identifier, wherein a destination address of the first service message is the encrypted server segmentation identifier corresponding to the server;
encrypting a source address and a destination address of the first service message by using a server public key according to the encrypted server segment identifier, and sending the encrypted first service message to the server;
and responding to a second service message sent by the server, decrypting a source address and a destination address of the second service message by using a client private key, and replacing the destination address of the second service message with the address of the client, wherein the destination address of the second service message is the encrypted client segment identifier encrypted by the server by using a client public key.
2. The message processing method according to claim 1, wherein before the replacing, in response to a first traffic message sent from the client to the server, a source address of the first traffic message with a corresponding encrypted client segment identifier, the method further comprises:
responding to a service authorization request sent from the client to the server, configuring the encrypted client segment identifier, and establishing a mapping relation between the encrypted client segment identifier and the address of the client;
sending the service authorization request to the server, and receiving a service authorization response fed back by the server, wherein the service authorization response comprises the encrypted server segment identifier.
3. The message processing method according to claim 1, further comprising:
establishing a mapping relation between the encrypted client-side segment identifier encrypted by the server-side public key and the address of the client, and establishing a mapping relation between the encrypted server-side segment identifier encrypted by the server-side public key and the encrypted server-side segment identifier;
in response to a third service message sent from the client to the server, replacing a source address of the third service message with the encrypted client segment identifier encrypted by using the server public key, and replacing a destination address of the third service message with the encrypted server segment identifier encrypted by using the server public key, wherein the destination address of the third service message is the encrypted server segment identifier;
and sending the third service message to the server.
4. The message processing method of claim 1, wherein the client device further comprises a client gateway;
the sending the first service message to the server comprises:
generating a tunnel header and a segment routing extension header on the outer layer of the first service message according to a client gateway address, an intermediate node address in a link and a server gateway address corresponding to the server, and sending the first service message to the server gateway.
5. A message processing method applied to a server-side device, wherein the server-side device comprises a server, the method comprising:
in response to a first service message sent by a client, decrypting a source address and a destination address of the first service message by using a server private key, and replacing the destination address of the first service message with an address of the server, wherein the source address of the first service message is an encrypted client segment identifier encrypted by the client device by using a server public key, and the destination address of the first service message is the encrypted server segment identifier encrypted by the client device by using the server public key;
in response to a second service message sent from the server to the client, replacing a source address of the second service message with the encrypted server segment identifier, wherein a destination address of the second service message is the encrypted client segment identifier;
and encrypting the source address and the destination address of the second service message by using a client public key according to the encrypted client segment identifier, and sending the encrypted second service message to the client.
6. The message processing method according to claim 5, wherein before the decrypting, in response to the first service message sent by the client, of the source address and the destination address of the first service message by using the server private key, the method further comprises:
in response to a service registration request sent from the server to a service management controller, configuring the encrypted server segment identifier, and establishing a mapping relation between the encrypted server segment identifier and the address of the server;
sending the service registration request to the service management controller, and receiving a service registration response fed back by the service management controller.
7. The message processing method according to claim 5, further comprising:
establishing a mapping relation between the encrypted client side segment identifier encrypted by using the client side public key and the encrypted client side segment identifier, and establishing a mapping relation between the encrypted server side segment identifier encrypted by using the client side public key and the address of the server side;
in response to a fourth service message sent from the server to the client, replacing a source address of the fourth service message with the encrypted server segment identifier encrypted by using the client public key, and replacing a destination address of the fourth service message with the encrypted client segment identifier encrypted by using the client public key, wherein the destination address of the fourth service message is the encrypted client segment identifier;
and sending the fourth service message to the client.
8. The message processing method according to claim 5, wherein the server-side device further comprises a server-side gateway;
the sending the second service message to the client comprises:
generating a tunnel header and a segment routing extension header on the outer layer of the second service message according to the address of the server gateway, the address of the intermediate node in the link and the address of the client gateway corresponding to the client, and sending the second service message to the client gateway.
9. A client device, comprising:
one or more processors;
a memory for storing one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the message processing method of any of claims 1-4.
10. A server-side device, comprising:
one or more processors;
a memory for storing one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the message processing method of any of claims 5-8.
11. A computer-readable medium, on which a computer program is stored, which program, when being executed by a processor, carries out the message processing method according to any one of claims 1-4.
12. A computer-readable medium, on which a computer program is stored, which program, when being executed by a processor, carries out the message processing method according to any one of claims 5-8.
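The address handling in claims 1 and 5, as an added Python sketch that is not part of the patent text: each device maps its segment identifier to the real host address, swaps that identifier into the source field on the way out, and encrypts both address fields with the peer's public key. The textbook RSA over fixed Mersenne primes is a toy stand-in for the unspecified public-key scheme, and the dict packet layout, the EdgeDevice name and the 2001:db8:: addresses are assumptions.

```python
import ipaddress

E = 65537  # public exponent shared by both toy keys (assumption)

def toy_keypair(p, q):
    """Textbook RSA from two known primes, returns (n, d). Illustration only, not secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def enc(value, n):        # encrypt with the peer's public key (n, E)
    return pow(value, E, n)

def dec(value, n, d):     # decrypt with the device's own private key d
    return pow(value, d, n)

def addr(text):
    return int(ipaddress.IPv6Address(text))

class EdgeDevice:
    """Hypothetical client-side or server-side device hiding one host behind a SID."""
    def __init__(self, host, sid, keypair, peer_n):
        self.host, self.sid = addr(host), addr(sid)
        (self.n, self.d), self.peer_n = keypair, peer_n
        self.sid_to_host = {self.sid: self.host}  # the "mapping relation" of the claims

    def outbound(self, pkt):
        """Host -> peer: replace the real source with our SID, encrypt both fields."""
        if pkt["src"] != self.host:
            raise ValueError("source is not the protected host")
        return {"src": enc(self.sid, self.peer_n),
                "dst": enc(pkt["dst"], self.peer_n), "data": pkt["data"]}

    def inbound(self, pkt):
        """Peer -> host: decrypt both fields, map our SID back to the real host."""
        src, dst = (dec(pkt[k], self.n, self.d) for k in ("src", "dst"))
        if dst not in self.sid_to_host:
            raise LookupError("destination does not decrypt to a configured SID")
        return {"src": src, "dst": self.sid_to_host[dst], "data": pkt["data"]}

def round_trip():
    """First message client -> server, second message server -> client (constructed data)."""
    ckeys = toy_keypair(2**89 - 1, 2**107 - 1)
    skeys = toy_keypair(2**127 - 1, 2**61 - 1)
    cdev = EdgeDevice("2001:db8:a::10", "2001:db8:ffff::c", ckeys, skeys[0])
    sdev = EdgeDevice("2001:db8:b::20", "2001:db8:ffff::5", skeys, ckeys[0])
    wire1 = cdev.outbound({"src": cdev.host, "dst": sdev.sid, "data": b"request"})
    at_server = sdev.inbound(wire1)
    wire2 = sdev.outbound({"src": sdev.host, "dst": at_server["src"], "data": b"response"})
    at_client = cdev.inbound(wire2)
    return wire1, at_server, wire2, at_client
```

After the round trip each host has seen only the peer's segment identifier, never the peer's real address, and neither real address appears in the fields carried between the two devices.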
CN202110184521.7A 2021-02-08 2021-02-08 Message processing method, client device, server device, and medium Pending CN114915583A (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN202110184521.7A CN114915583A (en) 2021-02-08 2021-02-08 Message processing method, client device, server device, and medium
EP22749258.4A EP4287550A1 (en) 2021-02-08 2022-02-08 Packet processing method, client end device, server end device, and computer-readable medium
US18/276,280 US20240114013A1 (en) 2021-02-08 2022-02-08 Packet processing method, client end device, server end device, and computer-readable medium
PCT/CN2022/075472 WO2022166979A1 (en) 2021-02-08 2022-02-08 Packet processing method, client end device, server end device, and computer-readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110184521.7A CN114915583A (en) 2021-02-08 2021-02-08 Message processing method, client device, server device, and medium

Publications (1)

Publication Number Publication Date
CN114915583A true CN114915583A (en) 2022-08-16

Family

ID=82741995

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110184521.7A Pending CN114915583A (en) 2021-02-08 2021-02-08 Message processing method, client device, server device, and medium

Country Status (4)

Country Link
US (1) US20240114013A1 (en)
EP (1) EP4287550A1 (en)
CN (1) CN114915583A (en)
WO (1) WO2022166979A1 (en)


Also Published As

Publication number Publication date
WO2022166979A1 (en) 2022-08-11
US20240114013A1 (en) 2024-04-04
EP4287550A1 (en) 2023-12-06


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination